21 March 2012

Today it was decided that the European Union Data Retention Directive will be implemented in Sweden, after the government proposal was passed by the numbers 233-41 in Parliament this afternoon.

Reaction to terrorism
The EU Data Retention Directive was created after the terrorist attack in Madrid in March 2004, when 191 people died. A driving force behind the directive was the then Swedish Minister for Justice, but in spite of that Sweden has been slow to accept it. Even today the discussions in Parliament took several hours before the voting could take place.

Data kept for law enforcement
The Data Retention Directive imposes governments to legislate that operators must store traffic information on their clients' communications by telephone, sms or email. The aim is that the police should be able to see who we call or e-mail, when we do it and where we are when doing it. The content of messages must not be saved. Data will be stored for at least six months, and it must only be used when investigating serious crimes.

Helpful to the police
Where the retention laws have been implemented they have already been a good help in law enforcement. Europol recently revealed a large child pornography network thanks to data storage, and
by tracking e-mail traffic the French police has found a murderer responsible for some very tragic killings earlier this week,. In that light it is difficult to object to the Retention Directive, but it is absolutely vital that it is strongly regulated, and that does not seem to be the case today.

Criticized directive
The EU Retention Directive is controversial because it involves an invasion of privacy. The basic principle in both the EU and Swedish legislations is that no outsider has the right to take part of our communications by telephone or e-mail. The only exception is if you are suspected of a crime. The Data Retention Directive is a departure from that principle because data is stored whether someone is suspected of a crime or not.

EU reports on flaws
An upcoming report by Swedish EU Commissioner Cecilia Malmström shows that The Data Retention Directive has major security problems. Ms. Malmström wants to change it, to tighten the retention periods and who may request information from operators. “My ambition is to present a proposal that will provide much greater clarity regarding these deficiencies - how to use it, who gets access, and what protection there is. I think everyone realizes that we need to clean up in this Directive”, she says.

One problem is that the EU member countries in many cases have poor statistics on how the data retention has been managed and used in practice. Critics argue that it is therefore impossible to make the necessary assessment to decide if the intrusion into the personal sphere is proportional to the benefit of law enforcement.
The work continues, and we follow it with great interest.